CCIA Concerned About Size and Scope of Hawaii’s Pending Data Retention Bill

BY CCIA Staff
January 26, 2012

Today the Hawaiian State House debated a newly introduced piece of legislation, H.B. 2288, which would create a massive requirement for Hawaiian businesses to gather dossiers about all of their customers and store them for two years. The bill, a little shorter than two pages in length, would not just mandate retention of assigned IP addresses, along with user information like name and address, but also a log of every single website across the Internet that each user visits.

The bill also does not take into account small businesses that offer incidental wireless Internet access, such as coffee shops or libraries. The cost of implementing a system capable of storing this type of data is also not addressed by the legislation.

The following comments can be attributed to Computer & Communications Industry Association President & CEO Ed Black:

“This proposed legislation represents a stunningly simplistic overreach into a deeply technical area of law. It is at the same time infeasible to implement, overbroad in its application, and a violation of basic privacy best practices. This is another example of government reaching to exploit technology that makes possible vastly increased surveillance of the public.”

“Government already has the ability to order any ISP to retain certain information without a court order. This existing method of data preservation is much less burdensome, creates a much smaller privacy impact, and provides a small opportunity for abuse by government officials.”

Related Articles

CCIA Whitepaper Identifies National Security Risks Posed By House Bills Targeting U.S. Tech Companies

Sep 13, 2021

Washington — The Computer & Communications Industry Association has released a white paper on the national security implications of several House-passed bills aimed at a handful of U.S. tech companies as they compete with foreign companies. These bills were introduced in June 2021 and were marked up without legislative hearings or input from stakeholders, particularly…

New EU Cybersecurity Rules Should Promote Security Mitigation, Avoid Compliance Red Tape

Dec 16, 2020

Brussels, BELGIUM — The European Commission published today a legislative proposal to update the 2016 Network and Information Security Directive.  The proposal aims to reduce regulatory inconsistencies across the EU’s internal market and it encourages security information sharing to help companies effectively address future cybersecurity risks. But the proposal also suggests that cloud computing providers,…

CCIA Offers European Commission Comments On Data Transfer Method

Dec 11, 2020

CCIA submitted comments to the European Commission on the draft new Standard Contractual Clauses (‘SCC’) to transfer data outside of the EU. CCIA believes this transfer tool will pave the way towards greater legal certainty for most data transfers outside the European Union. However, the tool could still be made more practical for companies to…